Juniper introduces Adaptive Threat Management

Juniper is this week introducing software that lets security platforms -- even those made by other vendors -- share and analyze log information in order to determine the root cause of network problems and fix them.

Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and UAC (Unified Access Control) devices that enable them to publish log information to a UAC server that shares the data with other platforms.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The interface between the SSL and UAC devices and the server is a standard known as IF-MAP, a communication interface for creating a two-way street between network devices and the server to which device data is published.

Adaptive Threat Management can support devices made by other vendors, but those devices must comply with IF-MAP. So if a security platform made by another vendor publishes data using the IF-MAP interface, it can become part of an Adaptive Threat Management deployment, Juniper says.

Customers that have a firewall in place from another vendor could potentially keep it but enable it to publish log data to the central IF-MAP server where other devices could access it, analyze it, and act upon it. And the firewall could subscribe to information from the server in order to respond to new threats.

It is important for Juniper to bring together its network and security offerings in order to make the case that its disparate gear can be deployed as a coordinated security system that embraces other vendors, says Phil Hochmuth, an analyst with the Yankee Group.

With Adaptive Threat Management, customers can create a single user-based policy that is pushed to devices in the network, saving administrative time on configuration. "You're not having to scramble around to push policy to 10 different boxes," Hochmuth says.

Adaptive Threat Management is reminiscent of Cisco's TrustSec, which uses centrally defined access policies enforced in the network -- but Cisco uses its switches to enforce the policies, Hochmuth says. "It is a major architectural strategy to glue together the individual parts of access control," he says.

IF-MAP is supported by a handful of vendors including Aruba Networks, ArcSight, Infoblox, Lumeta and nSolutions.

Last year, Juniper revamped and renamed its management platforms to NSM (Network and Security Manager), which centrally manages policies for Juniper's network and security gear, setting the stage for different classes of devices sharing data.

The NSM platform has been upgraded to include more standard reports that map to the behavior of devices in the network that it deals with. These reports can be used as the audit trails necessary for some regulatory compliance or for internal audits to gauge network security, the company says.